Rick Hillegas wrote:
> Unfortunately, this change has proved painful to some users. See, for
> instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
> Now that we have some experience with the 10.3 release,

I wonder how much that "some experience" is? Is there enough to make a
judgment?
- 10.3 has only been out for three months.
- There have been 2 Jiras entered for three (3) people, of which 2
were hitting a bug that can be (is being?) fixed.
- I only found one issue related to the default security manager being
raised on derby-user, are there more?
So do we believe that these users hitting problems represent 100% of the
user base or is it 50%, 1%, 0.1% or 0.01%?
Say there are 1,000 downloads a month, and 25% use the network server
without making security changes, that would mean that over 99% of the
network server users are running without problems and now running with a
more secure server (even if they don't realize it).
Even dropping to 10% of the users running the network server without
security changes means that 98.5% of those users have seen no issues.
I hate to see us regress security based upon a couple of issues if
it's working ok (and is an improvement) for the majority.
Dan.